Beruflich Dokumente
Kultur Dokumente
IT Carve-Out Guide
Technischer
Technische Universitt Mnchen
Bericht
Institut fr Informatik
IT Carve-Out Guide
A manual for the separation of IT during corporate re-organizations
Florian Matthes, Alexander Schneider, Christopher Schulz
Abstract
Contents
1 Introduction
1.1 Motivation . . . . . . . . . . .
1.2 Contribution . . . . . . . . . .
1.3 Target group . . . . . . . . .
1.4 Guide sources and compilation
2 Foundations
2.1 Definitions . . . . . . .
2.2 Participants . . . . . .
2.3 Drivers . . . . . . . . .
2.4 Course of action . . . .
2.5 Typification . . . . . .
2.6 Separation agreements
2.7 Role of IT . . . . . . .
2.8 IT carve-out strategies
2.9 IT cooperation model .
2.10 IT carve-out readiness
2.11 IT elements . . . . . .
2.12 IT data . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. . . . . .
. . . . . .
. . . . . .
approach
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
3 IT carve-out workstreams
3.1 Legal . . . . . . . . . . . . . . . .
3.2 Organization and carve-out team
3.3 Software licenses . . . . . . . . .
3.4 Service contracts and projects . .
3.5 Security . . . . . . . . . . . . . .
3.6 Corporate-wide systems . . . . .
3.7 Local systems . . . . . . . . . . .
3.8 Infrastructure and networks . . .
3.9 System access rights . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4
4
4
5
5
.
.
.
.
.
.
.
.
.
.
.
.
7
7
7
8
8
10
10
11
12
14
14
15
16
.
.
.
.
.
.
.
.
.
19
21
23
25
27
29
31
35
36
38
4 Conclusion
41
5 Glossary
43
c TU M
unchen, sebis, 2012.
1
Introduction
1.1
Motivation
1.2
Contribution
The present guide focuses on the dimension of IT within carve-outs. At first, a general
overview on this type of business transaction is given, covering, among others, definitions,
causes for carve-outs, as well as affected IT elements. Second, the document provides
tangible pointers on the separation of the different IT elements as well as means to prepare
their subsequent integration into a buying organization. This means, that objectives,
constraints, indications, and concrete activities are pointed out which are useful for the
sustained split-off of IT organizations, processes, and systems. Thereby, the knowledge base
this guide builds on originates either from the limited number of sources in the domain or
an extensive case study we as a research chair have accompanied between December 2011
and March 2012 at a German car manufacturer.
1
A Deloitte Corporate Finance study from 2010 suggests a total number of 12.000 carve-out transactions
with an overall volume of 600 billion US-dollar in 2009 [De10].
c TU M
unchen, sebis, 2012.
Remark:
As made clear in the abstract, this guide focuses on an IT carve-out scenario in which the
subsidiary remains on the shared IT of the selling organization. Thereby, the seller and a
potential buyer are multi-business organizations, thus entities which encompass more than one
subsidiary.
1.3
Target group
The targeted readers of this document are twofold: First, IT management initiating a
carve-out program may use this guide as it contains practical help allowing to foresee and
ease potential stumbling blocks and pitfalls. Second, academics striving for a comprehensive overview on the topic should have a closer look on this document as it includes a
comprehensive collection of current literature in the realm of IT de-mergers. In identifying
blind spots, the document finally derives questions for future research projects addressing
researchers from the research domain of business informatics, software engineering, and
business mathematics.
1.4
In essence, this guide originates from two main sources: a thorough literature review as
well as a multi-faceted case study. While the discovered scientific knowledge forms a solid
foundation, most of the practical pieces of advice presented in this document have been
observed during the case study.
When embarking on IT carve-outs the first step of our research approach was to analyze
current literature on the respective topic. In total, 20 substantial sources examining IT
carve-outs have been studied from October to December 2011. We identified the literature
by applying backward and forward search in the scientific databases IEEE xplore, google
scholar, and citeseer. As keywords we applied the terms information technology, IT,
carve-out, de-merger, and separation in various combinations. The main results of this
survey are presented in Chapter 2.
Furthermore, we conducted a case study between December 2011 till March 2012. Thereby,
we observed and attended an actual IT carve-out project program undertaken by a German
car manufacturing company. During the research project, twelve expert interviews each
lasting for more than 120 minutes each have been conducted in order to externalize the
experts knowledge and lessons-learned about the experienced carve-out. The interviewees
came from different departments including legal, IT, infrastructure, and project management. In addition to these interviews, the entire project documentation has been perused
in order to extract and generalize the knowledge contained therein. This included, among
c TU M
unchen, sebis, 2012.
others, slides and final reports from the selling organization, the subsidiary, and the buying
organization. The overall amount of time invested in this case study by the authors was
approx. 200 hours. The annonymized results form the core basis for the nine workstreams
outlined in Chapter 3.
c TU M
unchen, sebis, 2012.
2
Foundations
The following sections set the stage for our guide. Besides basic terms and concepts,
literature sources are provided representing starting points to dive further into the realm
of (IT) carve-outs.
2.1
Definitions
Generally speaking, carve outs involve the separation of a set of related assets, which
are not strategic for the company but currently integrated in its operations, into a new
subsidiary. Third-party capital is then introduced into the new entity or it is sold entirely
to a strategic buyer.
Final outcome of a carve-out is a newly traded firm as pointed out by Michaely and
Shaw [MS95]. Further, the two authors differentiate between an equity carve-out and a
spin-off. In the former case, the subsidiary is sold by issuing parts of the stocks (usually
20% or less). This helps the selling organization to acquire new capital while retaining
control of its sold parts through the holdback of the majority of shares [Do12]. In the
latter case, which is also called spin out, all subsidiary shares are distributed among the
former stakeholders who can sell these shares to further investors [MS95]. In line with
Boehm et al. [Bo10], we denote the process of separating IT from its former company as
IT carve-out.
2.2
Participants
A carve-out involves at least two different organizations. More precisely, the participants
are:
1. Selling organization (abbr. seller), i.e., the selling entity which disposes distinct
parts of its assets.
1
Comprehensive information about carve-out synonyms and related terms like divestment, divesture,
demerger, and disintegration are provided in [Bo10].
c TU M
unchen, sebis, 2012.
2. Carve-out object (abbr. subsidiary), i.e., the separated assets of the selling organization.
3. Buying organization (abbr. buyer), i.e., the purchasing entity in which the separated carve-out object will be integrated. It is possible to distinguish between buyers
with a strategic and a financial focus [MS95].
Even with no buyer intending to purchase the demerged entity, carve-outs are oftentimes
intricate transformation endeavors. The complexity increases tremendously if a third organization acquires the carve-out object given that additional inter-organizational communication channels, processes, and project structures have to be put in place. The fact that
the seller, the subsidiary, and the buyer are forced to continue their business operations
aggravates the already unfamiliar situation. Besides the daily business, the participants
now have to cope with carve-out as well as integration activities. However, these additional
work streams are not isolated but exert a significant influence on the usual operations of
the organizations.
2.3
Drivers
There are multiple business reasons resulting in a carve-out. Below a list of drivers causing
the permanent separation of a subsidiary. Additional information can be found in [Ca03,
Le08]:
Refocusing of the seller on its core business
Weak economical results of the carve-out object
Need for capital to pay off the sellers debts
Investing in alternative focus areas
Certainly, instead of carving out parts of the enterprise, the respective business unit could
undergo profound restructuring measures.
2.4
Course of action
In line with Fahling et. al. [Fa09], an ideal-typical carve-out consists of four sequential
phases as illustrated in Figure 2.1. A dedicated milestone separates a phase from its
predecessor and successor respectively. The carve-out of IT takes place in parallel to the
PreClosing, Transition, and PostCutting phase.
c TU M
unchen, sebis, 2012.
Signing
PreSigning
Closing
PreClosing
Day One
Cutting
Transition
PostCutting
IT carve-out
Abstimmung
Abstimmung
Rechtliche
The Project Management Office (PMO)
and related project structures
are set up in the
Technologische
Vorgabenformed IT carveUmsetzbarkeit
course of the PreClosing phase. Now
its also the time when a dedicated
out team starts to Informationsmark
those IT elements whichFachbereich
have to be logically or physically
sepaRechtswesen
technologie
rated. The phase ends with the closing
milestone. From the next day
onwards (also called
Fachliche
Fachliche
Anforderungen
Day 1), the carve-out object isAnforderungen
transferred to the buyer. The
change of possession is
accompanied by the legal (but not necessary technological) independence of the object
from the seller.
During subsequent Transition phase, the three organizations perform the lions share of the
separation and integration work. Throughout a very long and tedious period, the IT carveout team splits all previously marked IT elements and makes them available to the buyer.
A cutting milestone marks the phases end. From now on, seller and carve-out object have
an autonomous IT. This also holds true for any temporary IT service agreements which are
(with a few exceptions) terminated by mutual consent. If the businesses are already able
to operate independently from each other, one speaks of a standup situation [AA10].
Possible clean up and rework is done in the PostCutting phase. Especially the IT departments are often still in charge of rectifying temporary workarounds [Fa11]. Mostly, these
intermediate makeshift solutions have been adopted to either generate quick wins for business or comply with legal requirements. In any case: it is indispensable that IT considers
the requirements raised by legal as well as the participating organizations.
c TU M
unchen, sebis, 2012.
2.5
Typification
Table 2.1 depicts three types of carve-outs as found in literature [Le08]. The distinguishing
factor is the treatment of the carve-out object once it has been separated from the seller.
In case the carve-out object is not directly acquired by the buying organization with the
dawn of Day 1, it becomes a legal and economical independent entity first. Sources
speak of a stand-alone carve-out [Le08] highlighting the autonomous trait of this form.
Stand-alone carve-out
Carve-out object as a standalone organization without
integration into the buyer
Merger carve-out
Both, merger and joint venture carve-out necessitate explicit integration efforts after the
subsidiary has been detached 2 from its former company. Separating as well as integrating
parts of a company can be complex and intricate, especially when being performed in
very close succession. As shown in Figure 2.2, the two activities take place on a business,
legal, and technical level. On top of that, the participants all pursue their individual
and optimistically set carve-out and merger/joint-venture goals while being obliged to
maintain a fully functional IT. Different or even conflicting interests oftentimes affect the
relationship between the actors leading to an ambivalent atmosphere sometimes referred
to as co-optition by literature [Bo11]. For instance, whereas the seller might prefer to leave
the software licensing model of its separated business untouched, the buyer rather intents
to harmonize the licenses across all of its business divisions due to economies of scale.
Business, legal, and technical carve-out
of the subsidiary from the sellers organization
2.6
Separation agreements
Even if the seller and carve-out object do no longer belong to the same organization,
there is still a high chance of interdependencies caused by, among other things, continuing
2
Authors like Cascorbi use the term desintegration when speaking of the activities inverse to an integration [Ca03]
10
c TU M
unchen, sebis, 2012.
business relations. Most probably, the seller still offers (IT) products and services to the
separated entity until the latter is able to stand on its own feet. However, given that both
organizations may be in competition with each other, any type of relationship has to be
at usual market conditions while being made transparent to the legal authorities, thus will
stand up to legal scrutiny. Put differently, an arms length principle has to be applied
ensuring the condition or the fact that the parties to a transaction are independent and
on an equal footing [Wi12].
In general, an (IT) separation agreement between the two entities is valuable for establishing agreement on key issues [DW08]. Literature distinguishes between two different
types of legal documents applied in carve-out situations. As a legally binding document,
the Asset Transfer Agreement (ATA) defines which assets are going to be transfered to the
carve-out object [AA10]. Similarly, the Transition Services Agreement (TSA) states which
services the seller continues to provide to the new company during a limited period of
time [TM11]. Equally binding for the organizations, the well-defined and closely managed
document also comprises the associated costs as well as terms and conditions [AA10]. Generally, TSAs delay the actual separation at the expense of additional costs and reduced
flexibility [BESC07]. If they are applied, the participating entities should have reached
consensus even on nitty-gritty details. Further, the concept of a so-called black-list helps
to mark and memorize the subset of services, which should not be provisioned or requested
by the organizations [Bo11].
2.7
Role of IT
As discussed above, a carve-out is mostly business driven. However, structuring and managing IT in a carve-out transaction can turn out to be a very complex undertaking [TM11].
Consequently, concerned IT departments should be involved early on and with a high
degree of intensity [Le08]. Most perfectly, this involvement happens when the deal is
struck [TM11], i.e., before the carve-outs transition phase. In particular the crucial role
IT has gained over the last decades within organizations (IT as enabler instead of a
pure supporter of business needs [BESC07]) underlines the urgent need for including a
technology perspective right from the start of the carve-out activities.
However, despite the proliferating number of interdependencies between business and IT,
other dimensions should not be neglected. Among others, organizational, process, financial, strategical, and communicational aspects have to be taken care of as well (cf. Figure 2.3). Certainly, the separation and subsequent consolidation of one distinct dimension
is not performed in a vacuum. Instead, there exist cross-dimensional interactions with
other dimensions which have to be accounted for when advancing the desintegration and
integration work.
The phrase of Melvin Conway can be taken as a famous example for the reciprocal interaction between dimensions. Coined in 1968, the adage says that any organization that
c TU M
unchen, sebis, 2012.
11
PreSigning
PreClosing
Transition
PostCutting
Strategy
Financial
Legal
Products
Organization
Processes
Information Technology
Communication
designs a system (defined broadly) will produce a design whose structure is a copy of the
organizations communication structure [Co68]. What would later just be called Conways
law describes the phenomenon that the communication dimension of an organization has
a bearing on its IT. Hence, a business model which imposes a decentralized organization
structure almost inherently entails a decentralized application landscape.
2.8
IT carve-out strategies
Given the legal separation of selling organization and subsidiary being acquired by another
entity, three different strategies for the IT can be distinguished:
1. Retention: IT remains at the parent company.
2. Transition: IT of the acquiring company is used.
3. New-build: IT is built from scratch.
Due to different reasons such as costs, estimated time, and potential risks the new-build
strategy can be neglected. As a consequence, the selection of an IT strategy is restrained
to two alternatives: use the sellers IT or use the buyers IT (cf. Figure 2.4). In addition,
the IT strategy has to define whether the required IT will be cloned by physical separation or if a shared use model will be pursued. Shared IT with the seller often leads a
logical separation due to legal reasons. All three strategies can also be combined which is
called best-of-breed or cherry-picking [Sc11]. Thereby, one part of the required IT can be
implemented from scratch while other parts are shared or duplicated.
12
c TU M
unchen, sebis, 2012.
Products
Organization
Processes
Information Technology
Communication
IT
carve-out & integration
IT
selling organization
IT duplication
IT sharing
IT
new-build
IT
buying organization
IT duplication
IT sharing
For a stand-alone carve-out without an acquiring organization and therefore no IT integration, of course the choice of IT strategy is limited to retention and new-build.
The selection of an IT strategy results in several technical and organizational consequences
for seller, carve-out, and acquiring organization. These consequences are not limited to
the respective IT departments but affect also business units. Table 2.2 list some common
consequences for the previously described IT strategies. Thereby, there is no distinction
between shared IT and cloned IT and also a combination of strategies is not addressed.
Strategy
Selling organization
Subsidiary
Buying organization
Interface development
The implications of a selected IT strategy can affect the involved entities to a different extent. Therefore, target conflicts can emerge which should be considered by the participants
in advance before the divergence in demands will be negotiated.
c TU M
unchen, sebis, 2012.
13
Signing
Closing
PreSigning
2.9
Day One
PreClosing
Cutting
Transition
PostCutting
IT carve-out
IT cooperation model
IT processes
Licenses
Data
IT projects
Technical
constraints
Informationtechnology
Business
Business
requirements
Legend
Inter-organizational coordination
Legal
Business
requirements
Intra-organizational coordination
Next to the intra-organizational cooperation between the three entities, a carve-out always
necessitates an inter-organizational coordination. This fact is accounted for by the overlapping rectangles and the directed loop, both depicted in Figure 2.5. However, before
interacting with its respective counterpart, the three departments business, legal, and IT
should be internally aligned, thus speak with one voice to the respective other organization. Against this background, the situation where one IT organization acts as a mediator
between the two business departments should be avoided. Instead, the business departments have to come to an agreement before handing down their coordinated requirements
to their respective IT units.
2.10
IT carve-out readiness
In order to smooth a prospective IT carve-out, proactive actions can be carried out even
before the PreSigning phase begins. For example, during the development of new software
14
c TU M
unchen, sebis, 2012.
2.11
IT elements
Within this guideline we use a common separation for IT which is visualized in Figure 2.6.
Thereby we distinguish between IT assets, IT organization, and IT processes as well as IT
projects. The IT assets are further divided into technical parts such as IT infrastructure and
networks, IT components, and local as well as global IT systems. Thereby, IT infrastructure
comprises all physically existing hardware, e.g. network, hard discs and switches, whereas
IT components, e.g. operating systems, database management systems and application
servers, form reusable building blocks for IT systems.
Signing
Closing
Day One
Cutting
All kinds of IT assets can be acquired physically or by license. They are operated by IT staff
and IT processes and they are changed by IT projects. The quality of services provided by
PreSigning
PreClosing
Transition
PostCutting
IT assets is determined
in respective
Service Level
Agreements
(SLAs) which are negotiated
between service provider and service consumer. Service consumers are business units as
IT carve-out
well as the IT department itself.
Business processes
IT services
SLAs
Global IT systems
IT processes
Licenses
Data
IT projects
IT assets
Local IT systems
IT organization
technologie
c TU M
unchen, sebis, 2012.Business
requirements
Legend
Inter-organizational coordination
Legal
Business
requirements
Intra-organizational coordination
15
tion has to be established for all interrelated IT assets introduced before. Furthermore,
already started IT projects and licenses have to be reevaluated. Thus, the more detailed
information about the existing IT assets of the parent company is available, the better the
decisions about the carve-out companys IT. In other words, a good documentation of the
as-is IT architecture eases the design of both to-be IT landscapes. By contrast, if information about the actual IT is rarely available the time-consuming and resource-intensive
homework of documenting has to be done before carve-out decisions can be made.
2.12
IT data
As pointed out in Figure 2.6, within an organization data plays a cross-functional role.
While it is kept physically by the IT infrastructure (e.g., hard disc, magnetic tape), IT
systems run calculations on it or display the respective results on the screen. In turn, IT
services allow users to make changes, hence inserting, deleting, or updating.
In a carve-out, all those data becomes critical which is exclusively attributed to either
the selling or the buying organization. Hence, during and after the carve-outs execution,
the access to critical data has to be granted to seller or buyer respectively. Table 2.3
proposes a exemplary set of qualitative criteria determining the criticality of a certain data
class. In combination, the two columns data class and criticality criterion constitute
a data classification scheme. In each carve-out, the schema has to be conjointly worked
out by the business and legal departments of the participating entities accounting for legal
particularities and specific business constraints.
If at least one carve-out participant classifies certain data as being critical, all IT systems
which store this particular data must be considered as being critical, too. Once an IT
system is marked critical, logical or even physical separation becomes mandatory. The
separation of the data, which inevitably comprises the separation of IT systems, has to be
performed in a bi-directional manner. Consequently, it has to be ensured that
1. the seller cannot access the data of the carve-out object any longer, as well as
2. the carve-out object has no longer the possibility to retrieve the data from its former
parent organization.
Generally, its the task of the IT departments to decide how the separation is actually
realized. Whereas a physical separation (i.e., technical split of hardware) always implies a
logical one (adjustment of software), the other way around is not the case. Of course there
are exceptional cases making the separation of IT systems obsolete. For instance, in many
occasions user specific contact data (e.g., Outlook address lists) can remain in the same
non-separated IT system as long as all users of this system sign a dedicated non disclosure
agreement.
16
c TU M
unchen, sebis, 2012.
Data class
Personal data
Criticality criterion
Critical according to the organizations' guidelines and/or data protection
regulations of the governments
Critical if data is kept in a personal data IT system (person's name in conjunction
with birth date, salary, biography, etc.)
Not cricital if data reveals general communication details (e.g., e-mail
addresses, company phone number, user identification)
c TU M
unchen, sebis, 2012.
17
18
c TU M
unchen, sebis, 2012.
3
IT carve-out workstreams
The workload of an IT carve-out where the subsidiary remains on the sellers IT can be
separated into nine distinct workstreams. As visualized in Figure 3.1 the topic-centric
streams start in different phases of the carve-out project. This guide subdivides each
workstream into the four sections objective, constraints, pieces of advice, and course of
action.
PreSigning
PreClosing
Transition
PostCutting
Legal
Organization
Licenses
Services
Security
Corporate-wide
Local
Infrastructure
Access rights
Within each workstream depicted in Figure 3.1 the respective tasks are accomplished by
different actors. For example, the tasks within the legal workstream have to be performed
by the legal department. A holistic overview of the main actors involved during the nine
workstreams is presented in Table 3.1 wherein each actor or group of actors is briefly
described and linked to each workstream in which they play a major role.
The next part of this guideline successively describes the nine workstreams and their enclosed activities. Their content mainly stems from the generalized and abstracted findings
we gained when examining the case study. Despite our efforts to mirror this practice-proven
knowledge to the extant literature, we could only find few sources which strengthened our
observations.
c TU M
unchen, sebis, 2012.
19
Actor/department
Auditor
Description
Workstreams
An individual qualified to conduct IT audits, Infrastructure and networks
thus assess IT solutions regarding their
conformance with legal or organization
specific regulations. Auditors can be of
organization internal or external nature.
IT department
Legal
Organization and carve-out team
Corporate-wide systems
IT employee
IT system
administrator
IT system owner
Legal department
20
c TU M
unchen, sebis, 2012.
3.1
3.1.1
Legal
Objectives
The core objective of this workstream is to develop an obligatory legal framework expressed
by concrete principles and guidelines. This framework is binding, thus have to be taken
into account by all other workstreams. Furthermore, mechanisms for legal reviews are
elaborated. They are used to assess the IT solutions being developed in course of the
carve-out in respect to their conformity to the framework.
3.1.2
Constraints
Continuous and pro-active collaboration of the legal departments during and after
the carve-out.
3.1.3
Pieces of advice
3.1.4
Course of action
1. The legal departments of selling, buying, and carved-out organization collectively set
up a legal framework for each single workstream. The framework comprises relevant legal guidelines and principles (cf. Table 3.2) while incorporating the national
legislation of the participating organizations.
2. The legal departments of all involved organizations conjointly define different mechanisms which determine how the developed IT solutions elaborated in the workstreams
are validated according to the established framework.
3. The business departments of involved organizations derive IT requirements from the
legal framework (e.g., required separation of data).
c TU M
unchen, sebis, 2012.
21
Workstream
Tasks
Legal
None
None
Software licences
Corporate-wide systems
Local systems
4. The IT departments (in the role of a business unit) derive requirements regarding
the set of IT systems they are using to provide IT solutions and services (e.g., user
account management platform, development environment system).
5. The legal departments accompany the IT carve-out from a juridical stance on an
ongoing basis. They frequently validate IT solutions with regards to the established
legal framework and act as a primary contact for legal questions.
22
c TU M
unchen, sebis, 2012.
3.2
3.2.1
The main objective of this workstream is to set up a new IT organization affiliated to the
subsidiary. Additionally, an IT carve-out team has to be formed by recruiting capable
employees from all involved organizations. The goal of such a dedicated task force consists
in identifying all separation/integration tasks, prioritizing and ordering them, allocating
necessary resources, and orchestrating their execution. Last, the workstream addresses
organizational bottlenecks. The increased workload, caused by the inevitable integration
and separation activities, can be eased by employing external professionals.
3.2.2
Constraints
3.2.3
Pieces of advice
23
3.2.4
Course of action
24
c TU M
unchen, sebis, 2012.
3.3
3.3.1
Software licenses
Objectives
The main objective of this workstream is the reorganization of the sellers software licenses.
Basically, the software is required to render the IT services to the business departments.
A reorganization includes
a reallocation of software licenses for the selling company as well as
a potential new allocation for the subsidiary.
In terms of this guide, a software license can be defined as the permission a licensor grants
to a licensee, allowing the latter to run the licensors software on desktop PCs, notebooks,
mobile devices, or in data centers.
3.3.2
Constraints
Within this workstream, licenses for embedded software are disregarded (e.g., machine control software).
3.3.3
Pieces of advice
3.3.4
Course of action
1. The IT carve-out team gathers information about the as-is state of the selling organizations software licenses and stores this data in a license repository. The repository
c TU M
unchen, sebis, 2012.
25
keeps the number of actual users while leaving aside the actual softwares place of
installation.
2. The IT carve-out team determines the to-be state of software licenses for the selling
organization. If requested, the team additionally describes the to-be state for the
subsidiary.
3. The IT carve-out team delivers the as-is state as well as the to-be state(s) to the
respective procurement department(s). The latter is then responsible for taking
appropriate measures in order to comply with legal requirements. For example, this
includes contacting the licensor for renegotiating the software licenses.
26
c TU M
unchen, sebis, 2012.
3.4
3.4.1
The main objective of this workstream is the negotiation and conclusion of IT service
contracts for the subsidiary. An IT service is made up from a combination of people,
processes, and technology [OG07] offered by the IT department to the business. To define
its provisioning quality distinct SLAs, which are part of the contract, are used. After
the carve-out, an individual IT service can be rendered by either the seller or an external
provider. Besides the services and their contracts, underlying IT support structures (e.g.,
help desk, 1st-level support) as well as ongoing and planned IT projects are reorganized
within this workstream.
3.4.2
Constraints
3.4.3
Pieces of advice
In case the IT systems of seller and subsidiary remain identical after the carve-out,
the IT services delivered by those systems are homogeneous as well (IT strategy
retention, cf. Chapter 2). Nevertheless, the associated SLAs may vary.
To foster a final and definitive separation of selling organization and subsidiary, the
subsidiary should have the possibility to negotiate and sign its IT service contracts
by itself.
Since the relationship between seller and subsidiary changes with Day 1 of the carveout, the IT service contract negotiation process has to be altered accordingly (e.g.,
dedicated contract template for IT services).
The negotiation and contractual arrangement of international or intra-organizational
cost allocation for IT services requires expertise in various fields, among others, taxes,
legal, and compliance. A mere IT service definition from an IT perspective is thereby
not enough. All negotiated services have to be based on a clear cost model [DW08].
The IT support structure may or may not be physically identical for selling organization and subsidiary.
c TU M
unchen, sebis, 2012.
27
3.4.4
Course of action
1. The IT carve-out team analyzes and determines all IT services which are required
by the subsidiarys business units. Thereby, the team distinguishes between services
which will be provisioned by
(a) the selling organization and
(b) external service providers.
For both types, the carve-out team documents the to-be state with the help of an IT
service catalog.
2. The legal departments acting in agreement with taxation and controlling draw up
contracts between seller and subsidiary for all to-be IT services and IT projects
provisioned by the sellers IT department. Subsequently, the sellers IT and the
subsidiarys procurement department sign these time-limited contracts. Instead of
signing multiple individual contracts, it is also possible to agree upon a framework
contract consisting of several individual agreements.
3. The subsidiarys procurement department independently negotiates and signs further
IT service contracts with external service providers.
4. The IT system owners of the selling organization adjust their system maintenance
and development plan in order to reflect the actual distribution of costs. As long
as using the IT services of the former mother, the subsidiary is also charged for any
modifications done to the respective IT systems.
5. The IT carve-out team instructs an IT services and projects contact person, for either
the seller and the subsidiary. After the transition phase, these two contacts are in
charge of adjusting and renegotiating the IT services and projects contracts against
the background of new internal and external conditions.
28
c TU M
unchen, sebis, 2012.
3.5
3.5.1
Security
Objectives
3.5.2
Constraints
Exchange and mutual acceptance of the IT security framework of seller and buyer.
The IT security departments liaise with the legal, internal audit, and data protection
department. Legal requirements need to be translated into IT requirements.
Any IT solution has to be at least in its concept/design phase if it undergoes an IT
security check.
3.5.3
Pieces of advice
3.5.4
Course of action
29
30
c TU M
unchen, sebis, 2012.
3.6
3.6.1
Corporate-wide systems
Objectives
The objective of this work stream is to plan the technical separation of corporate-wide
used IT systems. In particular, the main focus is put on systems operating on data shared
together by selling company and subsidiary. The final outcome is, that selling organization
and subsidiary have exclusive read and write access permissions to their own data even if
the underlying IT systems are still commonly used.
3.6.2
Constraints
The subsidiary follows the IT system migration roadmap of the selling organization,
i.e., there are no different IT system versions for subsidiary and seller in parallel.
The cost for any IT system customization must be fully funded by the requesting organization. An exception are all adjustments which are imposed by legal constraints.
3.6.3
Pieces of advice
The type of data separation depends on the specific data stored in an IT system.
Generally, logical and/or physical separation are possible.
Country-specific legislation and company specific guidelines determine whether the
data of an IT system has to be considered critical, thus needs to be separated.
Starting on the level of IT systems (not business/IT capabilities, services, or infrastructure) is suitable for identifying the need for a data separation.
To pro-actively ease a potential data separation already in the IT system development
phase, technical access and interface mechanisms should be put in place.
Prior to the separation of an IT system, it is recommendable to check whether confidentiality agreements, functional process adjustments, or process outsourcing could
replace the costly split-up.
3.6.4
Course of action
Identification
1. The IT carve-out team identifies those IT systems that will be used by selling organization and subsidiary after the carve-out transition phase is completed [La09]. All
c TU M
unchen, sebis, 2012.
31
Shared ITSystem?
Yes
Data type?
Personal
Company
No
AntiTrust
ThirdParty
Critical
data?
Yes
No
Separation without
system changes?
Yes
No
a) NDA
b) Process adaptation
c) Process outsourcing
a) Logical separation
b) Physical separation
Final state
Decision
Vorgaben
Fachliche
bersetzte
Top-down questioning
of participating business departments (starting point for
InformationsFachbereich
Rechtswesen
technologie
discussions are business
processes and their supporting IT systems).
Bottom-up
questioning of IT system
owners as well as local IT departments
fachliche
Anforderungen
Anforderungen
which embed the system in a technical
context (e.g., network and firewall).
Analysis of secondary sources, for instance, EA management tools. Depending
on the EA data quality, the gathered information possibly needs to be doublechecked with respective experts from IT and business departments.
2. The IT carve-out team prepares carve-out system forms for the business departments
of selling organization and subsidiary (see example in Appendix 5). If possible, the
form also includes the total number of users and administrators as well as the different
user types (external, internal). The form focuses on a single-system view. Hence,
interfaces and interconnected systems are not considered.
Classification and analysis
1. The business departments of seller and subsidiary decide on the data classification
and its criticality for all shared IT systems with their signature on the respective
carve-out system form. If the data (and therefore the system) is considered critical,
they both explore the option of separating the data without changes to the IT system
(see Figure 3.2). The type of separation is decided based on the following sources:
corresponding carve-out system forms, business departments knowledge about data,
type and number of system users, and data usage. The carve-out system forms of all
non-critical IT systems are archived.
Note: Instead of marking data and related IT systems generally as critical, it is
advantageous for the subsequent implementation to define the criticality on a more
32
c TU M
unchen, sebis, 2012.
fine-granular level (for example on an attribute level). In consequence, a costly allor-nothing separation will be prevented.
2. The IT carve-out team centrally signs an analysis and development contract with the
owners of the critical IT systems. An analysis includes a thorough system analysis
(data access perspective: seller - subsidiary and subsidiary - seller) and results in a
functional specification.
3. The functional specification is accepted or rejected by the legal departments.
4. The IT system owners draw up a time, cost, and resource estimation and assign the
task of implementing the functional specification to IT employees.
Note: The type of an IT system separation is, among others, contingent on the number and types of users (internal, external) as well as usage patterns (see Figure 3.2).
In some cases, it is possible to make use of quick and inexpensive auxiliary solutions,
for example by:
(a) Signing confidentiality agreements by the users
(b) Adapting business processes and as a consequence the user groups
(c) Outsourcing the IT system supported business process(es)
The technical and/or legal feasibility of each individual solution should be assessed
in that order. IT system administrators play a special role, since they are granted
access to all data even after the separation. An additional solution must be prepared
for them, for example by signing confidentiality agreements.
Implementation
1. The IT system owner and the assigned IT employees implement the system changes
by means of IT projects. Thereby, the protection of organization-specific data has to
be bidirectional:
(a) Protection of the selling organizations data against unauthorized access from
the separated subsidiary
(b) Protection of the subsidiarys data against unauthorized access from the selling
organization
Note: In particular, the protection of the subsidiarys data against the seller can
possibly be time and cost consuming, since this type of separation applies usually
only in carve-out situations. In contrast, the protection of the sellers data against
external entities happens more often (e.g., when cooperating with third-party service
providers).
The following aspects have to be taken into account in case of a logical IT system
separation:
c TU M
unchen, sebis, 2012.
33
(a) Logical separation of data through the introduction of a subsidiary-specific discriminator in the IT system, if technically feasibly.
(b) Separation of common user groups.
(c) Allocation of new user-identifications (user IDs) with data read and write access
permissions for the employees of the seller and subsidiary.
Note: Rather than to create new user identifications, it is possible to adapt read and
write access permissions of existing users to reflect the new organizational situation.
2. Both business and legal departments inspect and approve the modified IT systems.
34
c TU M
unchen, sebis, 2012.
3.7
3.7.1
Local systems
Objectives
The main objective of this workstream is the separation of the local IT systems, i.e., on-site
applications which will still be used by seller and subsidiary after the carve-out. In line with
their corporate-wide counterparts, the aspired target state is that selling organization and
subsidiary have exclusive access to their organization-specific data. The following sections
discuss subtleties decisive when separating local IT systems.
3.7.2
Constraints
In the process of separating local IT systems and in particular data classification, local
legislation has to be closely taken into consideration. For example, the treatment of
personal data is restrictively regulated in Germany.
3.7.3
Pieces of advice
If external service providers are involved in the IT system separation process (concept
development, realization) additional examination of the progress and outcome quality
has to be ensured (i.a., by the carve-out team). The main reason behind this measure
is the danger of a know-how monopoly these external providers may obtain regarding
the local systems.
In particular for local IT systems, often used exclusively on-site by a limited amount
of users, it is recommended to use Non-Disclosure Agreements (NDAs) to circumvent
technical modifications in these systems.
NDAs are not a panacea as they do not resolve organizational inter-dependencies.
Their drafting requires the participation of both legal departments akin to the approach in corporate-wide IT systems.
3.7.4
Course of action
c TU M
unchen, sebis, 2012.
35
3.8
3.8.1
The objective of this work stream is the logical separation of the subsidiarys infrastructure
from the selling organization. While the term infrastructure refers to the physical hardware (server, switches, clients, communications technology), the term network denotes the
different types of computer networks (e.g., WAN, LAN, WLAN).
3.8.2
Constraints
3.8.3
Pieces of advice
36
c TU M
unchen, sebis, 2012.
3.8.4
Course of action
Note: The activities 1-4 are only apply, if the corresponding information about infrastructure and networks is not yet available or in poor quality.
1. The IT carve-out team identifies and documents for all IT systems used by the
subsidiary the associated infrastructure elements as well as existing networks (Open
Systems Interconnection (OSI)-model Layer 2 and 3).
2. The IT carve-out team carries out an IP-address analysis for each shared IT system
taking on an IT system-centric view.
3. The IT carve-out team carries out a communication analysis in the selling organizations network to identify additional IP-addresses (infrastructure-centric view).
4. The IT carve-out team examines security weaknesses in the sellers networks and
assuming an administrator as well as an end-user role (security-centric view).
5. The IT carve-out team develops a network solution (e.g., through firewalls) based on
the identified IP-addresses and IT system user data. The solution should enable an
unidirectional access for the subsidiary to the selling organizations network. When
realizing this type of logical separation, it has to be guaranteed, that:
(a) Only the subsidiary has the possibility to access the networks of selling and
buying organization. Moreover, the access has to be restricted only to the
needed IT systems (need-to-know principle).
(b) The legal constraints and corporate policies of all three organizations are obeyed.
6. The IT carve-out team commissions the IT departments of the involved organizations
to design and roll out a change process to keep the network solution always up-to-date
(e.g., adaptation of firewall rules). In case of an IT system change (e.g., adaptation
of business logic), adjustment of infrastructure elements (e.g., relocation of servers),
or specific requirements of the involved organizations (e.g., introduction of new user
roles) this process will be carried out. The design of that process is mutually agreed
between all participating IT departments as well as potential IT providers.
7. The IT carve-out team consults the subsidiary in the migration of infrastructure
elements and its network.
c TU M
unchen, sebis, 2012.
37
3.9
3.9.1
The core objective of this workstream is to adapt the user access rights of corporate-wide
and local IT systems.
3.9.2
Constraints
The requirements of the existing legal framework (principles and guidelines) have
to be met. For instance, according to German law all IT system user-dumps must
be encrypted and approved by the works council since the extracts contain personal
data.
3.9.3
Pieces of advice
The identification process and results of existing IT system users have to be made
transparent (for instance by protocols) allowing to re-validate the gathered information later on in the carve-out. This is especially important if an external company is
commissioned to determine the systems users.
Similarly, the assignment of a user to either the subsidiary or selling organization
must be made transparent.
An IT system user clean-up, hence the purging of users and their data access rights,
necessitates in-depth knowledge about the respective authentication and authorization processes. Oftentimes, the processes of the systems differ considerably from each
other, given that they depend, among others, on the age, technology, and IT service
structure of the historically developed IT systems. To speed-up future carve-out
challenges, it is recommended to document the processes in advance while keeping
this information up-to-date.
The time for cleaning up IT system users varies. This explains the strong difference
in costs and expenses per system.
3.9.4
Course of action
1. The IT carve-out team determines existing user identifications (user-IDs) for each
corporate-wide and local IT system.
2. The IT carve-out team determines the affiliation of each user identification to the
selling organization or subsidiary respectively.
38
c TU M
unchen, sebis, 2012.
3. The IT system owner determines for each combination of IT system and data object,
whether the subsidiary or seller should not have access to it (excluding approach),
thus determines the to-be access rights. Thereby, the team members base their work
on the criticality of the data classes.
4. The IT system owners carry out a user clean-up by
creating/requesting new user identifications and granting the adjusted to-be
access rights or
creating/requesting new user identifications, adopting the access rights from the
old identifications, and adjusting them according to the to-be access rights.
Both cases require the deactivation or deletion of the old user identifications.
c TU M
unchen, sebis, 2012.
39
40
c TU M
unchen, sebis, 2012.
4
Conclusion
According to a recent KPMG study, the average transaction costs of a carve-out amounts
to 5% of the sales revenue an organization receives when carving-out parts of it and selling
them to a buyer [Do12]. One possibility to bring down these costs is to enhance the organizational capability which is concerned with the separation of IT elements. Unfortunately,
existing literature coping with a structured and systematic approach to de-merge IT is
rather scarce. To improve this situation, this guide provides clear guidance on what and
how IT elements can be separated and prepared for a subsequent integration.
After having set the stage with a short motivation to the topic, the document outlines a
consolidated body of knowledge, which defines, among others, drivers, types, IT strategies,
and IT elements of carve-outs. In a second step, the guide details on the separation of
specific IT elements on the basis of eight dedicated workstreams. Thereby, each workstream
is structured similarly while being topic-centric and modular. In this sense, workstreams
are perfectly suited to address the needs of different IT carve-out actors. Their practiceproven content extracted from a case study guarantees feasibility and concreteness at the
same time.
Main parts of this guide originate from findings we gained when observing one IT carve-out
in the German automotive industry. Future research in this field should validate our work
by means of additional case studies, preferably from non-automotive sectors and countries
other than Germany. Besides a broader empirical basis, the two remaining IT carve-out
strategies (retention and transition to the buyers IT) have to be paid attention to as
well. Certainly, this can be only achieved if further carve-out cases are analyzed given the
limited number of published results. Future research should also attempt to contextualize
the dimension of IT, i.e., embed the presented workstreams in a broader carve-out setting.
As an example, we refer to Penzel and Pietig who added a one page Merger Navigator
to their book clustering different work packages of a specific merger dimension at a certain
point in time [PP00]. As briefly touched in Section 2.10 of this guide, additional studies
could substantiate the topic of carve-out readiness, i.e., pro-active measures preparing an
organization to separate elements of its business and IT. Furthermore, the aspect of IT
carve-out governance seems promising for us. Perused literature as well as our case study
did not unveil any role schemes, meeting frequencies, and board structures meaningful for
an IT separation project program. Lastly, presented workstream descriptions should be
extended with additional artifacts easing their implementation in the course of a timecritical and demanding transformation period.
We want to express our gratitude to all interview partners for the time spent and the
c TU M
unchen, sebis, 2012.
41
open discussion about their personal experiences they made during the carve-out. In
addition, we thank Pawel Kwiecien for his support when compiling this document. With
this guide, we want to encourage academics and practitioners to provide us with feedback
regarding additional literature, case studies, ongoing research projects, as well as personal
experiences.
Contact
42
c TU M
unchen, sebis, 2012.
5
Glossary
43
IT service contract An IT service contract describes a legal and binding contract between provider and customer for recurring services. The goal is to make the control
capabilities transparent for the customer by which guaranteed performance characteristics such as scope, reaction time, and processing speed are described in detail.
An important element is the quality of a service measurably describing the agreed
performance quality. All quality information is kept by so-called Service Level Agreements (SLAs).
IT system An IT system is a well-defined collection of business functions, which enable
effective and efficient implementation of business processes. It consists of IT components and own program logic and addresses different business use cases.
Logical separation Logical separation is defined as the software-technical separation of
an IT system, IT component, infrastructure and networks, as well as data associated
with them. Among others, this is achieved by a copy of the software, introduction of a
multi-tenancy capability, virtual machines, or by setting up a firewall and/or Virtual
Private Networks (VPN) tunnel. Whenever implementing this (partially very timeconsuming) virtual encapsulation, the underlying hardware remains identical.
Need-to-know-principle The need-to-know-principle describes a security objective applicable for legally and/or business critical information. It defines that only this set
of data has to be made accessible to an actor, which is immediately required for the
fulfillment of his/her process steps.
OSI model The Open Systems Interconnection (OSI) reference model is a layered model
from the International Organization for Standardization (ISO) which was developed
as a design basis of communication protocols in computer networks. The tasks of
the communication are divided into seven consecutive layers in which for each layer
a description defines its specific purpose.
Physical separation Physical separation is defined as the hardware-technical separation
of an IT system, IT component, infrastructure and networks, as well as data associated with them. Additional physical-existing technology such as network wires,
switches, and storage devices have to be employed when realizing this type of separation.
UML The Unified Modeling Language (UML) is an standardized object modeling and
specification language to specify, design, and document software components and
other systems. Initially created by the Object Management Group (OMG) in 1997,
its current version 2.1.2 is managed by OMG along with the ISO.
User clean-up A user clean-up is defined as a system-centric adaption of user identifications regarding their data access rights.
44
c TU M
unchen, sebis, 2012.
Appendix
IT system name:
IT system owner:
Business dept. ([Selling company]):
Business dept. ([Subsidary]):
Planned system separation date:
Separated by IT system:
c TU M
unchen, sebis, 2012.
45
Separation mechanisms
NDA
Process adaptation
Logical separation
Physical separation
Process outsourcing
Remarks
Yes
No
Separation deadline:
2
2
Name
Date
Name
Date
46
c TU M
unchen, sebis, 2012.
Personal
data
Corporate
data
Anti-trust
data
Selling company
Data criticality
Yes
No
Third-party
data
Subsidary
Yes
No
Remarks
c TU M
unchen, sebis, 2012.
47
Bibliography
[AA10]
[BESC07] Buchta, D.; Eul, M.; Schulte-Coonenberg, H.:. Strategic IT Management: Increase value, control performance, reduce costs. In Strategic IT Management:
Increase value, control performance, reduce costs. pages 6281. Gabler Verlag.
Wiesbaden, Germany. 2nd edition. 2007.
[Bo10]
[Bo11]
[BS06]
Broyd, R.; Storch, B.:. Carve to measure. In (Wirtz, B. W., Ed.): Handbuch Mergers & Acquisitions Management. pages 12231237. Gabler Verlag.
Wiesbaden, Germany. 2006.
[Ca03]
Cascorbi, A.:. Demerger-Management: Wertorientierte Desintegration von Unternehmen. Deutscher Universitatsverlag. 1st edition. 2003. 978-3824479450.
[Co68]
[De10]
[Do12]
Domke, B.:. Was ist ein Carve-out? Harvard Business manager. page 17. 2012.
[DW08]
Domer, F.; Witt, H.:. Mastering IT separation - A methodology for carveouts and de-mergers. Technical report. Arthur D. Little. Frankfurt am Main,
Germany. 2008.
[Fa09]
Faehling, J. et al.:. Managing an IT carve-out at a multi-national enterprise Teaching case description. In 17th European Conference on Information Systems
(ECIS2009). 2009.
48
c TU M
unchen, sebis, 2012.
[Fa11]
[La09]
[Le08]
[MS95]
Michaely, R.; Shaw, W. H.:. The Choice of Going Public: Spin-offs vs. Carveouts. The Journal of the Financial Management Association. 24(3):521. 1995.
[OG07]
[PP00]
[Sc11]
[Sm08]
[TM11]
Treccapelli, A.;
Murad, Y.:.
How technology can make or
break
a
carve-out.
http://www.computerweekly.com/opinion/
How-technology-can-make-or-break-a-carve-out
(cited
2012-06-14).
2011.
[Wi12]
c TU M
unchen, sebis, 2012.
49
50
c TU M
unchen, sebis, 2012.